Here's a segment from my patch. All it shoudl be doing is switching
NSSRenegotiation from off to on, but it doesn't have any effect. Am I
missing something conceptually here?
+++ b/ipaserver/install/httpinstance.py
@@ -160,6 +160,9 @@ class HTTPInstance(service.Service):
def __set_mod_nss_nickname(self, nickname):
installutils.set_directive(NSS_CONF, 'NSSNickname', nickname)
+ def __enable_mod_nss_renegotiate(self):
+ installutils.set_directive(NSS_CONF, 'NSSRenegotiation', 'on')
+
def __set_mod_nss_passwordfile(self):
installutils.set_directive(NSS_CONF, 'NSSPassPhraseDialog',
'file:/etc/
@@ -189,6 +192,7 @@ class HTTPInstance(service.Service):
db.track_server_cert(nickname, self.principal,
db.passwd_fname)
self.__set_mod_nss_nickname(nickname)
+ self.__enable_mod_nss_renegotiate()
else:
if self.self_signed_ca:
db.create_from_cacert(ca_db.cacert_fname)
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index d1234a0..23d06ab 100644
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
